Hello! We noticed that one of our slave NSD servers stopped updating its zones, and are trying to find out why. The problem we faced is that there's no understanding why it says what it says. Even after looking at the code it does not makes clear :)
Here are the error messages for one domain: 11:25:35 panda nsd[1094]: xfrd: zone corpit.ru, from 192.168.177.15@54: tsig error (Bad Time) 11:25:35 panda nsd[1094]: xfrd: zone corpit.ru, from 192.168.177.15@54: bad tsig signature 11:37:18 panda nsd[1094]: xfrd: zone corpit.ru received error code SERVER NOT AUTHORITATIVE FOR ZONE from 192.168.177.15@54 (yes we run nsd on a non-standard port, that's not a problem). I can only guess the main error is "Bad Time", and the other two are the causes (but again I can be wrong). But even for the first "BADTIME" error, - is it coming from the DNSSEC stuff (if yes, what the problem is?), or from the usage of authorization key when doing XFR? Here's our config for the transfer: master (192.168.177.15): zone: name: "corpit.ru" zonefile: "/var/lib/dns/corpit.ru.signed" # panda notify: 192.168.19.1@54 mother2panda provide-xfr: 192.168.19.1 mother2panda key: name: mother2panda algorithm: hmac-sha1 secret: "..." and the secondary (panda): zone: name: "corpit.ru" zonefile: "corpit.ru" request-xfr: AXFR 192.168.177.15@54 mother2panda allow-notify: 192.168.177.15 mother2panda (with the same key definition). Thanks! /mjt _______________________________________________ nsd-users mailing list nsd-users@lists.nlnetlabs.nl https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
